It is common practice in today's highly networked environment for remote software systems or services to be made available to end users over the Internet from geographically disperse locations, which can originate from potentially all over the entire globe. Sometimes these systems fail or encounter errors of some kind. Typically, this results in error codes and messages being sent to the end users over the Internet. In many cases, these error codes contain valuable information about the remote service and/or its configuration. Moreover, the mere presence of this information can create unsuspecting security vulnerabilities for the remote software systems.
In fact, it is common practice to embed system information into display screens presented to end users (e.g., login screens, error screens, etc.) that can aid system administrators or help desks in identifying software elements, system devices, and the like involved in processing events leading up to the screen presentation of error information. The information when relayed from an end user to help desk personnel or when obtained by a system administrator can prove to be invaluable when trying to resolve problems occurring within complex and often geographically dispersed processing environments in which multiple devices and/or services participate in the delivery of content to end users.
However, the mere presence of such informative error messages may also pose a substantial security risk if these messages convey information that can be used in a malicious or nefarious manner by intruders to compromise the back-end system or service being remotely supplied to an end user.
For example, some Hypertext Transfer Protocol (HTTP) messages include a common port identification for which a communication error occurred. Although this may seem on the surface to be fairly innocuous, it actually can provide specific port identification to an intruder. Thus, the intruder can identify the port over which Internet communications are occurring for a specific environment. This is but one example where seemingly innocent error messages, which have been standardized to some degree across platforms and environments, can supply useful configuration information about a backend system to intruders.
Accordingly, what is needed are more secure problem resolution techniques for complex data response networks.